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copyright notice 

Copyright ©2001-2005 Chili Systems, Inc. All rights reserved. 

Under the copyright laws, this manual or the software described within, can not be copied, in 
whole or part, without the written consent of the manufacturer, except in the normal use of 
the software to make a backup copy. The same proprietary and copyright notices must be 
affixed to any permitted copies as were affixed to the original. This exception does not allow 
copies to be made for others, whether or not sold, but all of the material purchased (with all 
backup copies) can be sold, given, or loaned to another person. Under the law, copying 
includes translating into another language or format, "the chili box" is a trademark of Chili 
Systems, Inc. 

Other product and company names mentioned herein can be trademarks and/or registered 
trademarks of their respective companies. 

Specifications and descriptions subject to change without notice. 

limited warranty 

Please refer to the chili box quick-start guide for Chili Systems, Inc.'s warranty policy. 
Technical Support is available between the hours of 8:00 AM and 9:00 PM Eastern Standard 
Time, Monday through Friday. 

phone: 866»532»4454 x4 
email: support@chilisystems.com 
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introduction 



The purpose of the configuration guide is to enable you to configure the more advanced 
features and services of the chili box, which include: 



• Domain Name System (DNS) 

• Dynamic Host Configuration Protocol (DHCP) 

• Network Address Translation (NAT) 

• Firewall 

• Web Proxy 

• Fileshare 

• USB Backup 

• Mail 

• VPN 



This guide assumes you are familiar with the basic functionality and steps required to access 
the chili box management interface. If you are in need of assistance, please refer to the 
quick-start guide. 

By default, an administrator account is created with access to ALL services. It is mentioned 
throughout this guide since it is always accessible; however, any of the steps on the 
following pages may be followed by any account with access to the appropriate service(s). 

The chili box Web management interface is known as the GUI (Graphical User Interface) and 
is referred to as such throughout this document. 
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Domain Name System (DNS) 

DNS allows a computer connected to the Internet to use a familiar name to access a Web 
site. For example, a user could enter www.google.com into a Web browser and the URL 
would be converted into an IP address by guerying a DNS server. 

The chili box comes with a robust DNS server that allows clients connected on the LAN 
interface to guery the chili box for IP addresses without needing to leave the secure LAN 
environment. This enhances security since client computers do not need to guery an outside 
server, which may have been compromised. 

The chili box DNS management screen (shown below) can hold an unlimited number of 
internal domains for local resolution. Please note that the internal domain name, 
chilisys.com, cannot be deleted. 



the chili box 



serial: aaaaaaa build: 2.1 .7.3 



main | lotjout 



Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Web Prow 
Fileshare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
• Loaout 



Configure DNS 



Add DNS Domain Name 



Instructions: Create a new domain name. 
Domain Name: i 



* required 



Dynamic? 


Yes v 






add 





Current DNS Domain Names 



Instructions: Edit or remove a domain name by clicking the corresponding link. 
Domain Name: Action: 
chilisys.com 



In addition, the chili box can provide Dynamic DNS capabilities to the LAN environment, 
allowing for DHCP to assign addresses to printers, desktops, and laptops. The DNS server 
will automatically record the name for local name to IP address resolution. 



Add DNS Domain Name 

1) Under "Add DNS Domain Name", enter the "Domain Name". 

2) If you would like the domain name to also be updated via the LAN, leave the 
"Dynamic?" option as "Yes"; selecting "No" will only allow it to be updated manually. 



page 6 



the chili box configuration guide 



Edit DNS Domain Name 



1) Under "Current DNS Domain Names", click the domain name you wish to edit. 

2) At the top of the page, under "Manage DNS Records", enter the "Hostname" you 
wish to associate with the record, such as "www" for a Web site or "mail" for a Mail 
server. 

3) Select the "Record Type" you would like to use: 

- "A" is the address record, which is not associated with mail, such as "www" 

- "MX" is the mail exchanger, which is only used for mail, such as "mail" 

- "CNAME" is similar to an alias, such as "www2.domain.com" 

4) Depending on the type of record, enter the "IP Address" or "Hostname": 

- "A" or "MX" use an IP address; enter it in the "IP Address" fields 

- "MX" or "CNAME" use a hostname; enter it in the "Hostname" field 

5) Select if you would like to use a PTR, which is useful if you wish to find out the name 
of a user's computer by doing a reverse lookup on the IP address. 

6) Click 'update' when finished. 



. Logout 



/stem info 



Internet 

69.37.1 68.21 0 

Network 

1 92.1 68.1.1 

chilisystems 

©2001-2005 
Chili Systems, Inc. 
All Rights Reserved. 





Description: The hostname is used to reference a machine (e.g., liostiiaine.mylJitsiiiess.com). 


Hostname: 


| |* required 


Record Type: 


| A v 


IP Address (A or MX Record): 
-OR- 

Hostname (CNAME Record): 




-OR- 


| |* required 


PTR (resolves IP address to the hostname) : 


| Yes v | 


update 
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Dynamic Host Configuration Protocol (DHCP) 

The chili box has a DHCP server, which can automatically assign IP addresses to computers 
on the LAN. This makes it much easier to administer, since you do not have to manually 
configure each client computer to access the network. 



the chili box 



serial: aaaaaaa build: 2.1 .7.3 



main | logout 



Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Web Proxy 
Fileshare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
> Logout 



system info 



Internet 

69.37.1 68.21 0 



Network 

1 92.1 68.1.1 



systems 

©2001-2005 
Chili Systems, Inc. 
All Rights Reserved. 



DHCP: Configure Server 

Setver Configuration | Display Leases 



DHCP Server Configuration 



Instructions: Set the global options for the DHCP server. 
Is DHCP Authoritative? 
Domain Name: 

Default Lease Expiration (in minutes): 
Max Lease Expiration (in minutes): 
IP Scope Start: 
IP Scope End: 
Subnet Mask: 
DNS IP: 

Gateway IP for clients: 



ichilisys.com 



;1 440 



:2SSU 



Yes v 



J default: cliilisys.com 

] default: 1440 (24 rirs.) 
1 default: 2880 (48 hrs.) 



192 


.168 


. 1 


|, 50 


* required 




192 


.168 


,|l 


|. 200 


* required 




255 


.255 


.|255 


|. 0 


|* required 


192 


.168 


,|l 


* 1 


|* required 


192 


.168 


. 1 


|. 1 


* required 



update 



DHCP Status 



Last Configured On: Tue Aug 05 1 5:1 4:20 EDT 2003 
Current Settings: 

Default Lease Time: 1440 minutes 



Max Lease Time: 
DHCP Scope Start: 
DHCP Scope End: 
DHCP Subnet: 
DNS name: 
DNS IP: 

Authoritative : 



2880 minutes 

192. 168.1. SO 

192.168.1.200 

255.255.255.0 

chilisys. com 

192.168.1.1 

Yes 



Is DHCP Authoritative? - The DHCP server on the chili box can be set as the "Authoritative" 
server on the LAN, the server that is responsible for providing IP addresses. 

Domain Name - The domain name can be set for a LAN to assign it to clients requesting a 
DHCP address. If a host name has been set on the client, it will be added to the beginning of 
the LAN domain name. For example, if the host name was "office308pc" and the LAN 
domain name was "chilisys.com", the fully-qualified name after a successful DHCP lease 
would be "office308pc.chilisys.com". 

Default Lease Expiration - This setting changes the amount of time a client computer will be 
assigned a leased IP address. 
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Max Lease Expiration - This setting assigns the maximum length in seconds that will be 
assigned to a lease. 

IP Scope Start - Client computers can be assigned an IP address starting from this address. 

IP Scope End - Client computers can only be assigned an IP address up to this number and 
no further. 

Subnet Mask - Computers requesting an address will also be given this subnet mask to 
make them part of the overall network segment. 

DNS IP - This setting will assign the DNS server for the LAN segment that the chili box is 
responsible for (by default this is usually the chili box's IP address). 

Gateway IP for clients - If you wish, you may enter a separate internal IP address for client 
workstations to use. This will not affect the actual Gateway listed under "Internet" on the left. 



Reserve IP Address 

If you would like to specify a static IP address for a device on the network, such as a printer, 
you may reserve an IP address. This will ensure that the IP is not given out and will also allow 
users to reach the device by name. 

1) Under "Reserve IP Address", enter the "Hostname". 

2) Enter the static internal "IP Address". 

3) Enter the "MAC Address" — this can be found on Windows 9x by running "winipcfg" 
and clicking 'More Info >>' and on Windows Me/NT/2000/XP by using the "ipconfig 
/all" command; it will be displayed on a printer by viewing the status display monitor. 

4) Click 'add' when finished. 



Reserve IP Address 



Instructions: Add IP address to be reserved below. 


Hostname: 


| |* required 


IP Address: 


I |-| |-| |-| * required 


MAC Address: 


I l*l l*l l*l l*l I'l * required 




add 







Current IP Address Reservations 



Instructions: Delete reservations as needed. 


Hostname IPAddress 
No Current Reservations 


MAC Address 


Action: 
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DHCP Leases 

If you would like to view the current computers, printers, etc. connected to the chili box 
network, the corresponding names and internal IP addresses will be listed here. 



serial aaaaaaa build 2 1 .7 3 mafil I logout 



DHCP: Display Leases 

Server Configuration | Display Leases 



DHCP Leases 



No leases exist. 




Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
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Network Address Translation (NAT) 

Network Address Translation (NAT) changes each LAN computer request for Internet access 
so that its IP address becomes the chili box's IP address. This allows the chili box to examine 
the packets coming from a remote computer, but the remote computer will think it's really 
communicating with the chili box. Since all packets must pass through the chili box to arrive 
at a host on the LAN, the chili box can drop any malicious traffic before it reaches the original 
host computer. 

In addition, the chili box can expose a specific port from a computer inside the LAN to the 
Internet. This will allow a computer to offer services to the Internet such as e-mail, Web, and 
remote desktop while still being protected by the chili box. 




the chili box 



serial aaaaaaa build: 2.1 .7.3 



main | logout 



Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Web Prow 
Fileshare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
• Registration Info 
. Remote Access 
. Chili Box Managers 
. Logout 



system info 



internet 

69.37.1 63.21 0 



Netwoi k 

192.168.1.1 



Network: Configure NAT 



chilisystems 

(9)2001-2005 
Chili Systems, Inc. 
All Rights Reserved. 



distinctions: Create static routes below. 
Name: 

External IP Address: 
External Port: 
Internal Address: 
Internal Port: 
Protocol: 



DHCP-IP v 



TCP 



* required if doing port translation 

' required if doing port or IP translation 



add 

















Instructions: Delete routes as needed. 


Name. External IP | Port: 
None. 


Internal IP \ Port: 


Protocol: Action: 



Name - A description given to the NAT route to remember what it is for. 

External IP Address - This setting is used to select the outside IP address that the NAT route 
will answer incoming requests from (please note that when using a dynamic address only 
"DHCP" can be selected). 

External Port - This is the external port to expose to the Internet. 
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Internal IP Address - This setting selects the IP address on the LAN to connect the NAT 
route. 

Internal Port -This is the internal port listening on the internal IP address specified above. 
Protocol - Use this drop-down to select the protocol to map into the internal network. 



Add New Route 

1) Under "New Route", enter the "Name" of the route. 

2) Depending on how you configured the chili box, you may select to use "DHCP-IP" or 
one of your external IP addresses as the "External IP Address". 

3) Enter the "External Port" of the rule, which is used for the computer connecting 
through the chili box. 

4) Enter the "Internal IP Address" of the client you would like to have access from. 

5) Enter the "Internal Port" of the rule, which is configured in the "Firewall: Add New Port 
Rule" section, explained on the next page. 

6) Enter the "Protocol" that the rule will use: 

- "TCP" is a connection-oriented protocol, which requires a handshake 

- "UDP" is a connection-less protocol, which does not require a handshake 

7) Click 'add' when finished. 
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Firewall 

A firewall protects a network from the external network. This prevents unauthorized access to 
the internal network, since it blocks outsiders from viewing private data resources. In 
addition, when used with the proxy server, appropriate rules may be set up to control network 
users' privileges of and access to the Internet. 



Internet 

Network 
DNS 
DHCP 
NAT 
Firewall 
Web Proxy 
Fileshare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chill Box Managers 
• Logout 



system info 



Internet 

69.37.1 68.21 0 



Netwoi k 

192.1 68.1.1 



systems 

©2001-2005 
Chili Systems, Inc. 
All Rights Reserved. 



Firewall Port Rules 



Security Mode 



Instructions: Change the Firewall's security mode. 
Select Mode: 



High 



update 



New Port Rule 



Instructions: Open ports hy adding rules Pelow 
Description: 

Source IP Address: 

Source CIDR Address: 

Destination IP Address: 



(0.0.0.0 equals all IP addresses) 



Destination CIDR Address: 
Destination Port/Type (numPer or"all"): 
Protocol: 
Rule: 



* required 



, 0 



.0 



(leave Plankfor any destination) 
* required 



TCP v 



allow v 



add 



Current Port Rules 



Instructions: Delete port rules as needed. 


Description: 


Source: 


Destination: 


Port/Type: 


Prot: 


Rule: 


Action: 


test 


any 


21 2.56.32.41 


3454 


tcp 


allow 


Delete 


open mail 


any 


any 


25 


tcp 


allow 


Delete 


open pop 


any 


any 


110 


tcp 


allow 


Delete 





Sort Port Rules 




Description: Changing the order of rules affects their precedence. For instance, ifyouwishto deny certain traffic, 
he sure the rule is before the allow rule. Contradicting rules will follow the first rule listed in the order and ignore 
any further rules that contradict the first. 


Current Rules Order 


New Rules Order 


1) test from any to 21 2.56.32.41 allow on port 3454 u 

2) open mail from any to any allow on port 25 using t 

3) open pop from any to any allow on port 1 1 0 using ' 









Description - An explanation given to the Firewall port rule for easy identification. 

Source IP Address - This setting is used to select the outside IP address that the Firewall 
port rule will answer incoming requests from. 

Source CIDR Address - Enter the source's CIDR address here, if necessary. 
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Destination IP Address - This setting is used to select the inside or outside IP address that 
the Firewall port rule will direct incoming requests to. 

Destination CIDR Address - Enter the destination's CIDR address here, if necessary. 

Destination Port/Type - This is the internal port number for TCP (e.g., SMTP is 25, POP3 is 
1 10) or UDP, or type (ICMP) listening for the rule. 

Protocol - Use this drop-down to select the protocol to map into the internal network. 

Rule - Use this drop-down to select "allow" or "deny" to grant or block access, respectively. 



New Port Rule 

1) Under "New Port Rule", enter a "Description" of the port rule. 

2) Enter the "Source IP Address" (please note that the default of 0.0.0.0 allows all IP 
addresses to use port rule). 

3) Enter the "Destination IP Address" (leave blank for any destination). 

4) Enter the Destination Port/Type" number, which is to be used as the internal port/type 
when adding a NAT route. 

5) Enter the "Protocol" that the port rule will use: 

- "TCP" is a connection-oriented protocol, which requires a handshake 

- "UDP" is a connection-less protocol, which does not require a handshake 

- "ICMP" is a message control and error-reporting protocol, such as a Ping request 

6) Select the "Rule" that you would like to use, either "allow" or "deny". 

7) Click 'add' when finished. 



Sort Port Rules 

Once you have configured more than one Firewall port rule, you may follow the optional 
instructions below to change the precedence of the rules. This is useful if two rules exist that 
require a logical order to be followed. For example: 

1) Web Traffic - deny using protocol tcp and ip 172.16.0.153 on port 80 

2) Web Traffic - allow using protocol tcp and ip any on port 80 

When the Firewall follows the above order, it denies access from 172.16.0.153 but allows 
access by all others. If the order were reversed, it would allow access by all and ignore the 
"deny" rule, which would render it useless. The current order of the rules is listed under 
"Current Rules Order". 

1) When you have decided on the precedence of the rules for the system to follow, click 
each rule once in the same order. 

2) You will notice that the order will change under "New Rules Order"; if you wish to 
remove certain rules, simply select each and click 'Remove Value'. 

3) Click 'Submit Values' when finished to save the changes. 
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Web Proxy 



A Web proxy allows an administrator to control the site and content that all users are allowed 
or not allowed to view. The chili box uses a transparent proxy, which essentially means that 
each client's Web browser software does not need to be configured to use a proxy server. 
Everything is done transparently to the user, allowing you to control Internet usage at your 
own discretion. 

You may configure blocks to filter by site names (e.g., playboy.com, whitehouse.com, etc.), 
or, if you wish to prohibit usage for numerous sites, by phrases (e.g., sex, xxx, etc.). 
Conversely, you may configure allowances by site names (e.g., google.com, 
whitehouse.gov) or phrases (e.g., Essex). If a block and allowance conflict with each other, 
the allowance will take precedence. 

Since the Web Proxy filter is based on the URL or keyword and is not case sensitive, it can 
easily be configured to block or allow file extensions, such as MPG, MOV, MP3, AVI, etc. 




Internet 
Network 
DNS 
DHCP 



NAT 
Firewall 
Web Prow 
Fileshare 
USB Backup 
Mail 
VPN 



the chili box 



Web Proxy Configuration 



Display Information 



serial: aaaaaaa build: 2.1.7.3 



main | kxjom 



Instructions: Display filtered items, save existing configuration, or load another list. 

View List Backup Change List 

Blocked Items Save Load Load Default Load Blank 

Allowed Items Save Load Load Default Load Blank 



Blocked Items - View current sites and phrases that are denied from being accessed. 

Allowed Items - View current sites and phrases that are granted to be accessed. 

Save - Back up current configuration. 

Load - Open a previously saved configuration. 

Load Default - Revert to factory default listing. 

Load Blank - Clear existing entries so listing is completely empty. 
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Add Block 



You can easily and quickly add items to the "Blocked Items" section by doing the following: 

1) Under "Add Item to Block", enter the domain name or phrase. 

2) Click 'add'. 

NOTE: When entering a domain name, "www. " is not required. 

After each item has been added, the page will be refreshed and the new entry will appear at 
the end of the entire listing. If you wish to delete an entry, simply click the "Delete" link to the 
right. Since there is no confirmation before permanently deleting the block, you may click the 
'Back' button of your browser if you make a mistake, then re-enter the item. 



the chili box 



serial: aaaaaaa build: 2.1 ,7.3 



main | logout 



Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Web Prow 
Flleshare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
• Layout 



system info 



Internet 

69.37.1 68.21 0 



Web Proxy Configuration 



Display Information 



Instructions: Display filtered items, save existing configuration, or load another list. 

View List Backup Change List 

Blocked Items Save Load Load Default Load Blank 

Allowed Items Save Load Load Default Load Blank 



Current Blocks 



Instructions: View and remove current blocks, 
lustanexample.com 



Add Item to Block 




Instructions: Add a new item to block C'www." is not required). 

Domain Name or Keyword (e.g., gamMng. com, xxk, etc.): | I 




LiOd 





Delete 
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Add Allowance 



As with blocking phrases or sites, you can easily and quickly add items to the "Allowed 
Items" section by doing the following: 

1) Under "Add Item to Allow", enter the domain name or phrase. 

2) Click 'add'. 



NOTE: When entering a domain name, "www. " is not required. 



After each item has been added, the page will be refreshed and the new entry will appear at 
the bottom of the entire listing. If you wish to delete an entry, simply click the "Delete" link to 
the right. Since there is no confirmation before permanently deleting the allowance, you may 
click the 'Back' button of your browser if you make a mistake, then re-enter the item. 




Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Web Prow 
Fileshare 
USB Backup 
Mail 
VPN 



administration 



• Network Services 
. Preferences 

• Registration Info 
. Remote Access 

. Chili Box Managers 
. LoijoM 



system info 



Internet 

69.37.1 68.21 0 



the chili box 



Web Proxy Configuration 



Display Information 



serial: aaaaaaa build: 2.1.7.3 



main | kxjont 



Instructions: Display filtered items, save existing configuration, or load another list. 

View List Backup Change List 

Blocked Items Save Load Load Default Load Blank 

Allowed Items Save Load Load Default Load Blank 



Add Item to Allow 



Instructions: Add a new item to allow C'www." is not required). 
Domain Name or Keyword (e.g., iiomjie.com, Essex, etc.): \~ 



add 



Current Allowances 



Instructions: View or remove current allowances. 
Iustanexample.com 



Delete 
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Fileshare 

A fileshare allows a network to have a central location for data, such as photos, videos, 
MP3s, documents, and so on. Users on the network will have access to the files depending 
on their usage permissions. 



the chili box 



serial: aaaaaaa build: 2.1 .7.3 



i noil i | loyout 



Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Web Proxy 
Fileshare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
• Chili Box Managers 
> Loyout 



system info 



Internet 

69.37.1 68.21 0 



Netwoi k 

1 92.1 68.1.1 



chilisystems 
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Fileshare 

Server Configuration | Manage Users | Manage Shares 



Server Configuration 



Instructions: Modify server settings. 

Workgroup (note that "workgroup" is used as the default for Windows PCs): 
Description: 



* required 



update 





Last Configured On: Sat Feb 05 1 1 :37:37 EST 2005 


Current Settings: 




Computer Name: 


Tlbx Files 


Work group: 


Sharepoint 


Description: 


ToolBox share 



Workgroup - This is the "Share" name of the Fileshare, which is similar to the machine name 
of a computer on the network. 

Description - This is used to describe the Workgroup. 



Edit Chili Box Workgroup Name 

If you wish to rename the workgroup to be accessed by users on the network, you may do so 
by following these steps: 

1) Under "Workgroup", enter the name. 

2) Under "Description", enter the description of the server. 

3) Click 'update'. 



page 1 8 



the chili box configuration guide 



Manage Users 



This section is used to add, modify, and delete users for Fileshare access. 



Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Wen Proxy 
Fileshare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
• Logout 



system info 



Internet 

6§.37. 1 68.21 0 



NeTwoi k 

1 92.1 68.1.1 



chilisystems 
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Fileshare/Mail: Manage Users 

Server Configuration | Manage Users | Manage Shares 



flddlEdit User 



Instructions: Create a new user or edit information after selecting the user below. 


Username: 


| |* required 


Groups (e.g., financial, management): 


| |* required 


E-Mail Addresses (e.g., userf@abc.coiq, user2@abc.com) \ \ 


Password (at least 7 characters): 


| |* required 


Confirm Password: 


| |* required 











Instructions: Edit or remove a user Py clicking the corresponding link. 


User: Groups 


Action: 


testuser testshare 


Delete 


simpg mailgroup 


Delete 


ajette mailgroup 


Delete 



Password Policy 



Instructions: Select whetheryou would like users' passwords to he checked. Please consult APPENDIX A in the 
chili box configuration guide to see why having strong passwords is recommended. 


Require strong passwords? 




Yes v| 




update 





Username - The account name for the user, which will also be used for Mail. 
Groups - The group(s) the user is a member of. 

E-mail Addresses - The associated e-mail address(es) for the user, which will also be used 
for Mail. 

Password - Enter the password to be used for the user. 

Confirm Password - Enter the password again for verification by the chili box. 



Add User 

To add an account on the Fileshare server, simply do the following: 

1) Under, "Add/Edit User", enter the "Username". 

2) Enter the "Group" (one or many) the user will be a member of. 

3) Enter the "E-mail Addresses" that will be directed to the account. 

4) Enter the "Password", then re-enter it in the "Confirm Password" field. 

5) Click 'add' when finished. 
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Edit User 

To edit an account on the Fileshare server, simply do the following: 

1) Under "Current Users", click the user you wish to edit, which is listed under "User". 

2) At the bottom of the page, under "Add/Edit User", edit the information you wish to 
change. 

3) You must re-enter it in the "Password" and "Confirm Password" fields. 

4) Click 'add' when finished. 
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Manage Shares 

This section is used to add, modify, or delete Shares. 



Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
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USB Backup 
Mail 
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administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
> Logout 



system info 
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Fileshare: Manage Shares 

Server Configuration | Manage Users | Manage Shares 





Instructions: Create a new share or edit an existing one after selecting it above. 


Share Name: 


1 h 


Description: 


1 1 


Privileged Users (e.g., user?, nser2): 


1 l» 


Privileged Groups (e.g., group 1, groupl) 


1 I- 


Read-only Users (e.g., user3, usei'4). 


1 1 


Browseable share? 


| Yes v 




Hide unreadable files? 


|Yes v 




Writable share? 


|Yes v 




* required 

"one ofthesetwo is required 


add 





Instructions: Edit or remove a share by clicking the 


corresponding link. 


Share Name 


Action 


tests ha re 


Delete 


hello 


Delete 



Share Name - The name for the Share. 



Description - This is used to describe the Share name. It will show up when one selects the 
Share on the client computer. 

Privileged Users - The user(s) who has/have full access rights (read, modify, delete) to the 
Share. 

Privileged Groups - The group(s) that has/have full access rights to the Share. 

Read-only Users - The user(s) who has/have limited access rights (read-only) to the Share. 

Browseable share? - Used to specify if the Share is capable of being shown without knowing 
the Share name. If "No" is selected, it will only be accessible by manually entering the 
information on the client computer. 

Hide unreadable files? - Used to specify if system files are to be shown. If "No" is selected, 
system files will be viewable. 

Writable share? - Used to specify if the share can be updated. If "No" is selected, all users 
would only have read-only access. 
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Add Share 

1) Under "Add/Edit Share", enter the "Share Name" (the name you would like to 
associate with the Share). 

2) Enter the "Description" you would like to use. 

3) Enter the "Privileged Users" by entering the usernames, separated by commas. 

4) Enter the "Privileged Groups" by entering the usernames, separated by commas. 

5) Enter the "Read-only Users" by entering the usernames, separated by commas. 

6) Select if you would like it to be a "Browseable Share". 

7) Select if you would like to "Hide Unreadable Files". 

8) Select if you would like it to be a "Writable Share". 

9) Click 'add' when finished. 



Edit Share 

1) Under "Current Shares", click the share you wish to edit, which is listed under "Share 
Name". 

2) At the bottom of the page, under "Add/Edit Share", edit the information you wish to 
change. 

3) Click 'add' when finished. 
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USB Backup 

The USB Backup feature on the chili box allows you to fully back up your data from the 
Fileshare. No longer do you have to be concerned about your data being lost by hardware 
failure or other causes, such as a fire, since you will be able to easily disconnect the external 
hard drive to take with you when you leave the location. 



Internet 
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administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
> Logout 



system info 



Internet 

69.37.1 68.21 0 



USB Backup 



Backup Options 



Instructions: Change options in text boxes. 


Reports will he sent to this e-mail address: 


I 




|* required 


Days of the weekto back up: 


CH Sunday 
CH Monday 
CH Tuesday 
CH Wednesday 
EH Thursday 
D Friday 
D Saturday 




Hour of the day to back up: 


| 4 am v | 




E-mail notification on connection of hard drive: 


No 


V 






update 





Reports will be sent to this e-mail address - Enter the e-mail address to which the reports will 
be sent. The recipient will receive notices of successful and unsuccessful backups. 

Days of the week to back up - Select any or all of the days that you would like the backup to 
take place. 

Hour of the day to back up - Select what time you would like the backup to occur. We 
recommend selecting an after-hours time, such as very early in the morning or late at night. 

E-mail notification on connection of hard drive - Select whether the recipient specified for 
receiving the reports will get an e-mail when the external hard drive has been connected to 
the USB port. 
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Mail 

This section allows the capability of full management for Mail services. These include adding 
a domain name for Mail that the chili box will be responsible for, as well as assigning e-mail 
accounts, addresses, lists, and configuring the spam setting. 

Server Configuration 

To add a domain name that the Mail server will be responsible for, simply do the following: 

1 ) At the "Server Configuration" page, under "Add Domain Route" enter the "Domain 
Name". 

2) Click 'add'. 

NOTE: When entering the domain name, "www. " is not required. 
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Mail Configuration 

Server Configuration \ Manage Users | List Configuration | Spam Configuration 



Add Domain Route 




Instructions: Add a domain to which the server will receive mail fwww." is not required). 

Domain Name (e.g., mybnsiness.com): I | 




add 





Current Domain Routes 



Instructions: Remove a domain by clicking the corresponding link. 
Doniiiin: testdomain.com 



Delete 
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Manage Users 



To add an e-mail account on the Mail server, simply do the following: 



1) At the "Manage Users" page, under "Add/Edit User" enter the "Username". 

2) Enter the "Groups" the user will be a member of. 

3) Enter the "E-mail Addresses" that will be directed to the account. 

4) Enter the "Password", then re-enter it in the "Confirm Password" field. 

5) Click 'add' when finished. 



To edit an e-mail account on the Mail server, simply do the following: 



1) Under "Current Users", click the user you wish to edit, which is listed under "User" 

2) At the top of the page, under "Add/Edit User", edit the information you wish to 
change. 

3) Since the chili box does not store unencrypted passwords, you must re-enter it in the 
"Password" and "Confirm Password" fields. 

4) Click 'update' when finished (the 'add' button will change). 



the chili box 



serial: aaaaaaa build: 2.1 .7.3 
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Fileshare/Mail: Manage Users 

Server Configuration | Manage Users | List Configuration | Spam Configuration 



AddJEdit User 



Instructions: Create a new user or edit information after selecting the user below. 
Username: 

Groups (e.g., financial, management 
E-Mail Addresses (e.g., user1fgiabc.com, user2@ahc.conj) 

Password (at least 7 characters): 
Confirm Password: 



* required 



' required 
' required 



add 



Current Users 



distinctions: Edit or remove a user Py clicking the corresponding link. 
User: Groups 
testuser testshare 
simpg mailgroup 
ajette mailgroup 



Action: 
Delete 
Delete 
Delete 



" required 



Password Policy 




Instructions: Select whetheryou would like users' passwords to he checked. Please consult APPENDIX A in the 
chili box configuration guide to see why having strong passwords is recommended. 


Require strong passwords? 


Yes v| 




update 
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List Configuration 



To add a distribution list that the Mail server will send e-mail to, simply do the following: 



1) At the "List Configuration" page, under "List Name" enter the name to which you 
would like to refer to the distribution list. 

2) Enter the "List Address(es)" for the list. For example, e-mail sent to 
info@mydomain.com and sales@mydomain.com can both be associated to the list 
called "request". 

3) Enter the "Recipient Address(es)" for the list. For example, e-mail sent to 
info@mydomain.com and sales@mydomain.com will go to internal users (e.g., 
simpg, testuser, etc.) and outside e-mail addresses (e.g., 
someone@otherdomain.com, bob@somewhere.com, etc.). 

4) Click 'add'. 
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List Configuration 

Server Configuration | Manage Users | List Configuration | Spam Configuration 



Add Recipients 



Instructions: Create a new list with an initial recipient. 
List Name: 

List Address(es) - Alias(es) associated with the list: 
e.g., list!^;mydoniaiii.coni is sent to the List Name 

Recipient Address(es) - Username(s) or outside e-mail address(es): 
e.g., frerfj swneonegoBierrfoma&icofn 



add 



* required 



" required 





distinctions: Delete a list or click on it to expand. 


List Name 


Action 


ajette_alias 


Delete 


all users 


Delete 


simpg_alias 


Delete 


testuser_alias 


Delete 
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Spam Configuration 

To change the default spam score for stricter blocking of spam received through the Mail 
server, simply do the following: 



1) At the "Spam Configuration" page, under "Change Spam Score" change the "Score". 
You may select any number from 1 to 10, with 1 being the strictest (which will filter out 
the most spam, but may result in false positives) and 10 being the most lenient (a 
minimal amount of spam will be detected. 

2) Click 'update' when finished. 

3) Since potential spam messages will show up with {Spam?} before the subject, you 
may create a filter in your mail program to automatically move e-mail determined to 
be spam to a separate folder (e.g., 'Junk' or 'Deleted Items'). Please refer to your 
mail program's Help feature for directions. 
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Mail Configuration 

Server Configuration | Manage Users | List Configuration | Spam Configuration 



Change Spam Score 




Instructions: Lower the spam score for stricter blocking of spam. 

Score (1: strictest): \5 v| default: 5 




update 
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VPN 

A VPN (Virtual Private Network) allows you to securely connect from one location to another 
over an encrypted tunnel. This is the preferred method of connecting different locations due 
to its strong security features. In addition, by using a VPN the locations will appear to be on 
the same network, even though they may be in different states or even countries. 



Generate Secret 



To generate a secret for the VPN tunnel, which acts as a key so the two locations can 
communicate with each other, simply do the following: 

1) Under "Generate Secret" click 'update'. 

2) The generated secret will be shown under "Add Tunnel" (under "Secret"). 

NOTE: Although you are able to use your own secret, we recommend allowing the chili 
box to assign one for you. Since it is randomly generated, this is the most secure method. 



r wr 



the chili box 



serial: aaaaaaa build: 2.1 .7.3 



main | layout 
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Network 
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administration 



> Network Services 



Network: Configure VPN 



Generate Secret 



Instructions: Generate a secret to be used in the 
are VPN'd. Using this generator is the preferred rr 


vPN tunnel. Th 
ethod to produ 

update 


s secret should be copied into all chili boxes that 
ce keys. 


Add Tunnel 





Instructions: Define the internal and eternal IPs of this chili box as well as the product you wish to VPN with. The 
credentials usedtorthe local machine should bethe same as the credentials used by the remote machine. 



Secret: 



" required 
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Add Tunnel 



To add a VPN tunnel on the chili box, follow the below steps (see next page for screen shot): 
Local Addressing 

1) Under "Local Identifier", enter the IP address or domain name to which you would like 
to refer to the setup on the current chili box. 

2) Enter the external IP of the current chili box under "External IP of local machine" 
(found in the "system info" box on the left, under "Internet"). 

3) Enter the internal IP of the current chili box under "Internal IP of local machine" (found 
in the "system info" box on the left, under "Network"). 

4) Enter the CIDR address for the current chili box, if necessary, under "Internal CIDR 
Address of local machine". 

5) The default "Local Port" is 500, which may be changed if necessary (it must be the 
same as the remote port). 

Remote Addressing 

6) Under "Remote Identifier", enter the IP address or domain name to which you would 
like to refer to the setup at the other location (a second chili box or a VPN device). 

7) Enter the external IP of the other location under "External IP of remote machine". 

8) Enter the internal IP of the other location under "External IP of remote machine". 

9) Enter the CIDR address for the other location, if necessary, under "Internal CIDR 
Address of remote machine". 

10) The default "Remote Port" is 500, which may be changed if necessary (it must be the 
same as the local port). 

1 1) If you do not need to specify any settings under General Configuration, Phase 1 , or 
Phase 2 you may click 'add'. If you need to make additional changes, update the 
configuration then click 'add'. 
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USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
• Logout 



system info 



Internet 

69.37.168.210 



Network 

182.188.1.1 
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Instructions: Define the internal and external IPs of this chili box as well as the product you wish to VPN with. The 
credentials used for the local machine should be the same as the credentials used by the remote machine. 


Secret: 




I 




|* required 


Local Addressing 


Local Identifier (IP, FQDN, or user_FQDN): 






|* required 


External IP of local machine: 






LI 


. |.| |* required 


Internal IP of local machine: 






LI 


. |.| |* required 


Internal CIDR Address of local machine: | | 


Local Port: 




|500 | 




Remote Addressing 


Remote Identifier (IP, FQDN, or user_FQDN): 






|* required 


External IP of remote machine: 






LI 


. |.| |* required 


Internal IP of remote machine: 






LI 


. |.| |* required 


Internal CIDR Address of remote machine: | | 


Remote Port: 




500 




General CetitiQittation 


Exchange modes (in order of preference): 


| aggressive v 


main 


Size of'nonce" in bytes (8-256): 




|16 I 




Send "initial-contact' message? 




| yes v | 




Support Mip6? 




| no v | 




Pliase 1 


Lifetime ofVPN phase 1 exchange: 




|24 | | hours 


v | 


Encryption algorithm for phase 1 : 




| blowfish v | 




Hash algorithm for phase 1 : 




| shal v | 




Diffle Hellman group for phase 1 : 






5 v 




Phase 2 


Lifetime ofVPN phase 2 exchange: 




|S0 | | minutes v | 


Diffie Hellman group for phase 2: 






5 v 




Encryption algorithm for phase 2: 






ijndael v|| blowfish v||3des v| 


Authentication algorithm for phase 2: 




| hmac_sha1 v 


|| hmac_md5 v | 




add 




update 















Current Tunnels 



Instructions: Delete tunnels or display keys. 


Name: 


Action: 


None. 





Edit Tunnel 



To edit a VPN tunnel on the chili box, follow the below steps: 

1 ) Under "Current Tunnels", click the VPN tunnel you wish to edit (the External IP of the 
remote machine is shown). 

2) When the current tunnel's information is shown, edit the fields you wish to change 
(e.g., "External IP of remote machine"). 

3) Click 'update' when finished. 
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Network Services 

The purpose of this section is to display the status of all services of the chili box and allow 
the capability to start, stop, restart, and disable the available services. If a message is 
displayed to restart a service after making a configuration change, it is done here. 



NOTE: If any of the below services are not running on your chili box, it is likely that the 
services are not being used. 




Internet 
Network 
DNS 
DHCP 
NAT 
Firewall 
Web Prow 
Fllesliare 
USB Backup 
Mail 
VPN 



administration 



. Network Services 
. Preferences 



the chili box 



serial: aaaaaaa build: 2.1.7.3 



main | lotjoiit 



Network Services 



Service Name 


Status 


Start Stop 


Restart 


Action 


Network 






Restart 




Internet 






Restart 




DNS 




Stop 


Restart 




DHCP Server 


O 






Enable 


NAT Server 


• 


Stop 


Restart 


Disable 


Firewall Server 


• 


Stop 


Restart 


Disable 


Web Proxy Server 




Stop 


Restart 


Disable 


Filesliare 


• 


Stop 


Restart 


Disable 


Mail Server 


o 






Enable 


VPN 








Enable 


Chili Box Power 




SHUT DOWN 


REBOOT 





Stop, Restart, or Disable Service 



NOTE: JavaScript must be enabled so the below options in red can be stopped or 
restarted: 



MService Name 


Stop 


Restart 


Action I 


Internet 




Restart 




Network 




Restart 




DNS 


Stop 


Restart 




DHCP Server 


Stop 


Restart 


Disable 


NAT Server 


Stop 


Restart 


Disable 


Firewall Server 


Stop 


Restart 


Disable 


Web Proxy Server 


N/A 


N/A 


Disable 


Fileshare 


Stop 


Restart 


Disable 


Mail Server 


N/A 


N/A 


Disable 


VPN 






Disable 


Chili Box Power 


SHUT DOWN 


REBOOT 





The condition of a service can be changed at any time. Please note that those with as 
their choices are not available. This is done so no required service is inadvertently stopped. 
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How to Restart the Chili Box 



If you would like to restart the chili box, please follow these directions. It is very important to 
restart the chili box according to these steps, as potential data loss or connectivity problems 
may occur if they are not followed. 

1 ) After you have logged in successfully, click the "Network Services" link in the left 
navigation bar. 

2) On the Chili Box Power row, click the REBOOT link to restart the chili box. When you 
see the confirmation pop-up, click 'OK' to confirm the selected action. 

3) After the chili box has been successfully restarted, you may log in again to verify 
everything is working correctly. 

NOTE: To turn off the chili box, press the power button and release it. DO NOT KEEP THE 
POWER BUTTON PRESSED. Wait for both LEDs to turn off which may take up to a minute. 
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Preferences 



If you would like to change your password, update the e-mail address that receives 
notifications, and enable/disable pop-up restart reminders, it is done in this section. 



Internet 
Network 
DNS 



DHCP 
NAT 
Firewall 
Web Proxy 
Fileshare 
USB Backup 
Mail 
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administration 



. Network Services 
. Preferences 
. Registration Info 
. Remote Access 
. Chili Box Managers 
> Logout 



system info 



Internet 

69.37.1 68.21 0 



Network 

1 92.1 68.1.1 



Preferences 



Change Password 



Instructions: Choose a new password for configuring the chili bos. 


Current Password | 




|* required 


New Password | 




|* required 


Confirm Password | 




|* required 




update 





Change Notification 




Instructions: Add or change the e-mail address that receives notifications. 


E-Mail Address (e.g., user%mybitsiness.cotn): 


|user@mybusiness.com | 




update 





Pop-up Restart Reminders 




Instructions: Change the notification of restart alerts. 


Display Restart Reminders? 


0 Yes 


UDdQtC 



Change Password 

To change the password for the current user, simply follow the below directions: 



1) Enter the current password under "Current Password" and the new password under 
"New Password". Re-enter it in the "Confirm Password" field. 

2) Click 'update' to initiate the change. 



Change Notification 

To add/edit the e-mail address that receives notifications, follow these steps: 



1) Enter the e-mail address under "E-mail Address". 

2) Click 'update' for the change to take effect. 



Pop-up Restart Reminders 

To change the option to have a pop-up dialog box appear when a service requires a restart 
for the changes to occur, follow the below directions: 

1 ) If you would like the prompt to appear, check "Yes" under "Display Restart 
Reminders?"; otherwise, make sure the box is NOT checked. 

2) Click 'update' to save the setting. 
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Remote Access 



This page will allow you to change the option of managing the GUI from a remote location. 
For instance, you may wish to change certain settings on the chili box when you are away 
from home or the office. 



the chili box 



serial: aaaaaaa build: 2.1 .7.3 in<"iin | ln\n»i 
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Remote Access 



Remote Administration 



Allow remote administration? 



0 Yes 



update 



Enable Chili Systems Technical Support 




Allowtechnical support? (Confirm with representative.) @ Yes 




update 





Remote Administration 



To modify the ability to remotely access the GUI, follow these steps: 

1 ) If you would like the ability to manage the box from the outside, check "Yes" under 
"Allow remote administration?"; otherwise, make sure the box is NOT checked. 

2) Click 'update' to save the setting. 

Enable Chili Systems Technical Support 

While you are speaking with a technical support representative, you have the ability to allow 
him/her to connect to your chili box from the back-end. By checking this option, the tech will 
be more likely to solve your problem in a timely and efficient manner: 

1 ) If you would like to allow a representative to connect to your chili box from the back- 
end, check "Yes" under "Allow technical support?"; otherwise, make sure the box is 
NOT checked. 

2) Click 'update' to save the setting. 
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Chili Box Managers 

If you would like to allow privileged users to have access to the chili box GUI, it is done in this 
section. You can easily change the services each chili box Manager has access to by 
selecting the appropriate service and clicking the corresponding button ('Grant' or 'Deny'). 

NOTE: When logged in as "admin", it is possible to grant or deny existing services for the 
"admin" account. Although you may always correct any mistake, make the changes 
carefully. 
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Chili Box Managers 



Access Control 



Instructions: Grant or deny managers' access rights to services. 
Username Denied Services 

admin | Not Applicable v \ grant 



Granted Services 

I WAN 



deny 



Add Chili Box Manager 



Instructions: Create a new chili box manager. 

Username: 

Password: 

Confirm Password: 



J* required 
]* required 
1* required 



add 



Remove Chili Box Managers 



Instructions: Remove a chili box manager by clicking the corresponding link. 

Username: Action: 

admin 



Add Chili Box Manager 

To allow access for a certain user, simply follow the below directions. If the user has a Mail or 
Fileshare account, the same username may be used, but it is completely separate from the 
mentioned services. 

1) Under "Add chili box Manager", enter the "Username". 

2) Enter the "Password", then re-enter it in the "Confirm Password" field. 

3) Click 'add'. By default, all services are denied. You may grant or deny services by 
selecting each option then clicking the corresponding button ('Grant' or 'Deny'). 
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APPENDIX A: How to Choose a Password 



chili box security 

Strong passwords — ones that are at least eight characters long, include both letters and two 
numbers as well as one special character or symbol — for chili box managers are an absolute 
necessity. We believe in setting a high standard of security, but unauthorized changes can 
occur if someone can guess the password of a manager's account. Using the Secure 
Sockets Layer (SSL), the password is sent encrypted, but "brute force" techniques may still 
be used to discover the password. 

An attacker may attempt to log into the remote administration as an administrator and try 
different passwords. Although we have considered locking this type of account, it will only 
cause valid administrators to be locked out by attackers. Failed password attempts are 
logged, but with enough attempts the password may be uncovered. 

employee security 

For users on the chili box that are set up to use services, passwords are also extremely 
important. If an employee's password is acquired, his or her e-mails can be read or personal 
files on the Fileshare can be altered or stolen. Other problems can arise, such as filling up 
the chili box hard drive(s) so that no more space can be used by employees. 

about password attacks 

Common password attacks are accomplished using dictionary files, which contain common 
words and password combinations such as "passwd" or "changeme". It is also trivial to write 
a program that will try random words in the dictionary and append or prepend numbers to 
them (e.g., "cactusl" or "45cactus"). The program could be expanded to also substitute 
numbers or symbols for letters, or to shorten words (e.g., "apple" would become "Apple" or 
"appLe", or even perform other attempts like "app!" or "appl3"). Passwords of this nature can 
and eventually will be cracked. An extremely secure password is more than 8 characters long 
and comprised of random numbers, letters, and symbols (e.g., "8gh.Zh;q*1f"). Since we 
advocate not writing down passwords, they should be made easy to remember yet still hard 
to break. Below are some guidelines to choose this type of password. 

1) Select a phrase, such as "I enjoy old blue cars from Ford or Chrysler" 

2) Attempt to modify real words into imaginary words, such as "leObCfFoC" 

3) You can then place the words together, or separate them using special characters, or 
both. An example of this could be "leO,bC;fFoC". Certainly make it as easy to 
remember as possible. 

4) At the end, substitute some numbers in and possibly capitalize. The final password 
becomes "leO,bC;fFOC". Though it looks rather complicated, it is still quite similar to "I 
enjoy old blue cars" and is near impossible to guess. The password could surely be a 
little easier, but this is just an example. Other examples follow: 

- "home sweet home is the place to be" becomes "hSh1 +ptB" 

- "I love relaxing on the weekends" becomes "11 r$0tW" 
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